INFO: rcu detected stall in bcm_tx_timeout_tsklet

syzbot

Oct 30, 2022, 2:39:35 AM
to syzkaller...@googlegroups.com
Hello,

syzbot found the following issue on:

HEAD commit: 3f8a27f9e27b Linux 4.19.211
git tree: linux-4.19.y
console output: https://syzkaller.appspot.com/x/log.txt?x=1113a3e2880000
kernel config: https://syzkaller.appspot.com/x/.config?x=9b9277b418617afe
dashboard link: https://syzkaller.appspot.com/bug?extid=8b3dc2d4cd95c0d0e892
compiler: gcc version 10.2.1 20210110 (Debian 10.2.1-6)

Unfortunately, I don't have any reproducer for this issue yet.

Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/98c0bdb4abb3/disk-3f8a27f9.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/ea228ff02669/vmlinux-3f8a27f9.xz

IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+8b3dc2...@syzkaller.appspotmail.com

Bluetooth: hci1: command 0x0419 tx timeout
Bluetooth: hci3: command 0x0419 tx timeout
Bluetooth: hci7: command 0x0419 tx timeout
ieee802154 phy0 wpan0: encryption failed: -22
ieee802154 phy1 wpan1: encryption failed: -22
rcu: INFO: rcu_preempt detected stalls on CPUs/tasks:
rcu: (detected by 1, t=10502 jiffies, g=375525, q=23791)
rcu: All QSes seen, last rcu_preempt kthread activity 10502 (4295158519-4295148017), jiffies_till_next_fqs=1, root ->qsmask 0x0
syz-executor.1 R running task 26312 17802 8125 0x80000002
Call Trace:
<IRQ>
sched_show_task.cold+0x332/0x396 kernel/sched/core.c:5337
print_other_cpu_stall kernel/rcu/tree.c:1430 [inline]
check_cpu_stall kernel/rcu/tree.c:1557 [inline]
__rcu_pending kernel/rcu/tree.c:3293 [inline]
rcu_pending kernel/rcu/tree.c:3336 [inline]
rcu_check_callbacks.cold+0xb37/0xe19 kernel/rcu/tree.c:2682
update_process_times+0x2a/0x70 kernel/time/timer.c:1650
tick_sched_handle+0x9b/0x180 kernel/time/tick-sched.c:168
tick_sched_timer+0xfc/0x290 kernel/time/tick-sched.c:1278
__run_hrtimer kernel/time/hrtimer.c:1465 [inline]
__hrtimer_run_queues+0x3f6/0xe60 kernel/time/hrtimer.c:1527
hrtimer_interrupt+0x326/0x9e0 kernel/time/hrtimer.c:1585
local_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1071 [inline]
smp_apic_timer_interrupt+0x10c/0x550 arch/x86/kernel/apic/apic.c:1096
apic_timer_interrupt+0xf/0x20 arch/x86/entry/entry_64.S:894
RIP: 0010:arch_local_irq_restore arch/x86/include/asm/paravirt.h:789 [inline]
RIP: 0010:slab_alloc_node mm/slab.c:3334 [inline]
RIP: 0010:kmem_cache_alloc_node_trace+0x2ee/0x3b0 mm/slab.c:3666
Code: fe ff ff 48 f7 04 24 00 02 00 00 0f 84 28 fe ff ff e8 26 89 cf ff 48 83 3d 66 62 59 08 00 0f 84 aa 00 00 00 48 8b 3c 24 57 9d <0f> 1f 44 00 00 e9 23 fe ff ff 65 ff 05 11 bf 69 7e 48 8b 05 c2 db
RSP: 0018:ffff8880ba107c80 EFLAGS: 00000286 ORIG_RAX: ffffffffffffff13
RAX: 0000000000000007 RBX: 0000000000490220 RCX: 1ffff11009507135
RDX: 0000000000000000 RSI: ffff88804a838988 RDI: 0000000000000286
RBP: 0000000000490220 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000000 R12: ffff8881ef7d3d00
R13: ffff88813bff0940 R14: 00000000000001c0 R15: ffff88813bff0940
__do_kmalloc_node mm/slab.c:3688 [inline]
__kmalloc_node_track_caller+0x38/0x70 mm/slab.c:3703
__kmalloc_reserve net/core/skbuff.c:137 [inline]
__alloc_skb+0xae/0x560 net/core/skbuff.c:205
alloc_skb include/linux/skbuff.h:995 [inline]
bcm_can_tx+0x259/0x800 net/can/bcm.c:287
bcm_tx_timeout_tsklet+0x1f0/0x3a0 net/can/bcm.c:414
tasklet_action_common.constprop.0+0x265/0x360 kernel/softirq.c:522
__do_softirq+0x265/0x980 kernel/softirq.c:292
invoke_softirq kernel/softirq.c:372 [inline]
irq_exit+0x215/0x260 kernel/softirq.c:412
exiting_irq arch/x86/include/asm/apic.h:536 [inline]
smp_apic_timer_interrupt+0x136/0x550 arch/x86/kernel/apic/apic.c:1098
apic_timer_interrupt+0xf/0x20 arch/x86/entry/entry_64.S:894
</IRQ>
RIP: 0010:should_resched arch/x86/include/asm/preempt.h:99 [inline]
RIP: 0010:__local_bh_enable_ip+0x18d/0x270 kernel/softirq.c:196
Code: 00 00 00 00 fc ff df 48 c1 e8 03 80 3c 10 00 0f 85 dd 00 00 00 48 83 3d c8 5f b8 08 00 0f 84 8d 00 00 00 fb 66 0f 1f 44 00 00 <65> 8b 05 6c bc c8 7e 85 c0 74 7d 5b 5d 41 5c c3 80 3d f3 87 d5 09
RSP: 0018:ffff8880464ef4d8 EFLAGS: 00000286 ORIG_RAX: ffffffffffffff13
RAX: 1ffffffff13e3053 RBX: 0000000000000200 RCX: 1ffff11009507135
RDX: dffffc0000000000 RSI: ffff88804a838988 RDI: ffff88804a838984
RBP: ffffffff86a43e12 R08: 0000000000000001 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000000 R12: ffff88804a838100
R13: 000000000000d5fa R14: 0000000000000000 R15: 0000000000000001
local_bh_enable include/linux/bottom_half.h:32 [inline]
get_next_corpse net/netfilter/nf_conntrack_core.c:1907 [inline]
nf_ct_iterate_cleanup+0x239/0x520 net/netfilter/nf_conntrack_core.c:1930
nf_ct_iterate_cleanup_net net/netfilter/nf_conntrack_core.c:2015 [inline]
nf_ct_iterate_cleanup_net+0x113/0x170 net/netfilter/nf_conntrack_core.c:2000
masq_device_event+0xae/0xe0 net/ipv6/netfilter/nf_nat_masquerade_ipv6.c:77
notifier_call_chain+0xc0/0x230 kernel/notifier.c:93
call_netdevice_notifiers net/core/dev.c:1762 [inline]
dev_close_many+0x323/0x670 net/core/dev.c:1514
rollback_registered_many+0x2f7/0xe70 net/core/dev.c:8173
rollback_registered+0xe9/0x1b0 net/core/dev.c:8238
unregister_netdevice_queue+0x1de/0x3e0 net/core/dev.c:9305
unregister_netdevice include/linux/netdevice.h:2615 [inline]
__tun_detach+0x100d/0x1320 drivers/net/tun.c:745
tun_detach drivers/net/tun.c:762 [inline]
tun_chr_close+0xd9/0x180 drivers/net/tun.c:3323
__fput+0x2ce/0x890 fs/file_table.c:278
task_work_run+0x148/0x1c0 kernel/task_work.c:113
exit_task_work include/linux/task_work.h:22 [inline]
do_exit+0xbf3/0x2be0 kernel/exit.c:870
do_group_exit+0x125/0x310 kernel/exit.c:967
get_signal+0x3f2/0x1f70 kernel/signal.c:2589
do_signal+0x8f/0x1670 arch/x86/kernel/signal.c:799
exit_to_usermode_loop+0x204/0x2a0 arch/x86/entry/common.c:163
prepare_exit_to_usermode arch/x86/entry/common.c:198 [inline]
syscall_return_slowpath arch/x86/entry/common.c:271 [inline]
do_syscall_64+0x538/0x620 arch/x86/entry/common.c:296
entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x7f5713e172d1
Code: Bad RIP value.
RSP: 002b:00007f57123230b0 EFLAGS: 00000293 ORIG_RAX: 00000000000000e6
RAX: fffffffffffffdfc RBX: 00007f5713f13120 RCX: 00007f5713e172d1
RDX: 00007f57123230f0 RSI: 0000000000000000 RDI: 0000000000000000
RBP: 00007f5713e4d7b0 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
R13: 00007ffedaf70bdf R14: 00007f5712323300 R15: 0000000000022000
rcu: rcu_preempt kthread starved for 10502 jiffies! g375525 f0x2 RCU_GP_WAIT_FQS(5) ->state=0x0 ->cpu=1
rcu: RCU grace-period kthread stack dump:
rcu_preempt R running task 29208 10 2 0x80000000
Call Trace:
context_switch kernel/sched/core.c:2828 [inline]
__schedule+0x887/0x2040 kernel/sched/core.c:3517
schedule+0x8d/0x1b0 kernel/sched/core.c:3561
schedule_timeout+0x4cf/0xfe0 kernel/time/timer.c:1818
rcu_gp_kthread+0xdad/0x21c0 kernel/rcu/tree.c:2202
kthread+0x33f/0x460 kernel/kthread.c:259
ret_from_fork+0x24/0x30 arch/x86/entry/entry_64.S:415
ieee802154 phy0 wpan0: encryption failed: -22
ieee802154 phy1 wpan1: encryption failed: -22


---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.

syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.

syzbot

Feb 27, 2023, 1:39:25 AM
to syzkaller...@googlegroups.com
Auto-closing this bug as obsolete.
Crashes did not happen for a while, no reproducer and no activity.